00001 <?php
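// Relative path from this script to the application root; every shared include below is resolved against it.
define("PATH_TO_ROOT", "../../");

require_once (PATH_TO_ROOT."common/init.inc.php");

// "Cancel" discards the submitted form by redirecting back to this script before any output is produced.
if (isset($_POST['Cancel'])) {
    // SCRIPT_NAME rather than PHP_SELF: PHP_SELF also carries client-supplied PATH_INFO,
    // which would be copied verbatim into the Location header.
    header("Location: ".$_SERVER['SCRIPT_NAME']);
    exit;
}

require_once (PATH_TO_ROOT."common/header.inc.php");
include_once ('./classes/class.adminfunctions.inc.php');
include_once ('../classes/class.photofunctions.inc.php');
include_once "../header.inc.php";
require_once (PATH_TO_ROOT."common/tinymceconfig.inc.php");

// $js is expected to come from the tinymce config include above; it is handed to the page object as a script file.
global $js;
$eStudyPage->appendJavaScriptFile($js);
writeContentHeader("Fotoalben editieren / entfernen");

// NOTE(review): $admin is not read anywhere in this file; presumably a later include uses it. Confirm before removing.
$admin = $_SESSION['usergroup'];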
00069
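// Request dispatcher for the album administration page. Three actions are handled:
//   edit        - show/save album settings and per-student rights (rights-checked)
//   delete      - remove an album and its dependent rows (rights-checked)
//   updateorder - change the display order of albums (rights-checked per album)
//
// Every value taken from the request is reduced to an integer, or escaped and quoted,
// before it reaches an SQL string. Data::toMysql() is only used inside quotes here:
// this file always wraps its result in quotes for string columns, so it is not relied
// on for values that appear unquoted.
if (!isset($_GET['action']) && !isset($_POST['action'])) {
    echo "<div class='error'>Die erforderlichen Parameter fehlen!</div>";
} elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == "edit" && isset($_REQUEST['id'])) {
    $board_id = intval($_REQUEST['id']);
    $canedit = getAlbumRight('admin', $board_id) && getGalleryRight('edit', $board_id);
    if ($canedit) {
        $cat_id = $_SESSION['course'];
        // The course id is interpolated unquoted into several statements below; force it to an integer once.
        $course_id = (int) $_SESSION['course'];
        $destination = "editboard.php";
        $action = "edit";
        if (isset($_POST['Send'])) {
            // ---- Save album settings ----
            $description = $_POST['description'];
            $boardname = $_POST['boardname'];
            // boarddisabled is written as a quoted value, so it is escaped like the other strings.
            $en = (isset($_POST['en']) && is_scalar($_POST['en'])) ? $_POST['en'] : '';
            // marking is written unquoted, so it must be a plain integer.
            $marking = isset($_POST['marking']) ? (int) $_POST['marking'] : 0;
            $filesallowed = 1;
            $anonymousallowed = 0;
            $helpdesk = 0;

            $photo_view = (int)isset($_POST['photo_view']);
            $photo_upload = (int)isset($_POST['photo_upload']);
            $photo_edit = (int)isset($_POST['photo_edit']);
            $photo_remove = (int)isset($_POST['photo_remove']);

            // 18-character access mask; only positions 2, 7 and 8 are driven by the form
            // (fields II, VII, VIII), every other position is fixed to 0.
            $maskBits = array_fill(0, 18, 0);
            $maskBits[1] = (int)isset($_POST['II']);
            $maskBits[6] = (int)isset($_POST['VII']);
            $maskBits[7] = (int)isset($_POST['VIII']);
            $accessmask = implode('', $maskBits);
            $mustsee = (int)isset($_POST['mustsee']);

            updateBoardRights($board_id, $accessmask, $photo_view, $photo_upload, $photo_edit, $photo_remove);

            // The existing order is read back and written unchanged.
            $r_board = query("SELECT categoryid, boardorder FROM forum_board WHERE boardid=$board_id AND is_photogallery=1");
            $oldboard = mysql_fetch_array($r_board);
            $maxorder = is_array($oldboard) ? (int) $oldboard['boardorder'] : 0;

            $sql = "UPDATE forum_board SET boardname='".Data::toMysql($boardname)."',"
                ." boarddescription='".Data::toMysql($description)."',"
                ." boardorder='$maxorder',"
                ." boarddisabled = '".Data::toMysql($en)."',"
                ." anonymousallowed = $anonymousallowed,"
                ." helpdesk = $helpdesk,"
                ." marking = $marking,"
                ." filesallowed = $filesallowed,"
                ." mustsee = $mustsee"
                ." WHERE boardid=$board_id AND is_photogallery=1 LIMIT 1";
            query($sql);
            echo '<br/>';
            message("", "Board Einstellungen wurden geändert!");
        } else {
            // ---- Show the settings form ----
            $r_board = query("SELECT boardid, boardname, boardlastpost, boardthreads, boardposts, boarddescription,"
                ." categoryid, boarddisabled, anonymousallowed, filesallowed, helpdesk, marking, mustsee"
                ." FROM forum_board WHERE boardid=$board_id AND is_photogallery=1 LIMIT 1");
            $board = mysql_fetch_array($r_board);

            $photo = getAlbumRights($board_id);

            // Stays null when the album row or its "<categoryid>_students" group is missing,
            // instead of building a statement with an empty groupid.
            $formAccessmask = null;
            if (isset($board['categoryid'])) {
                $r_boardgroupid = query("SELECT groupid FROM forum_group WHERE name ='".Data::toMysql($board['categoryid'])."_students';");
                $boardgroupid = mysql_fetch_array($r_boardgroupid);
                if (is_array($boardgroupid)) {
                    $r_boardrights = query("SELECT accessmask FROM forum_groupboard WHERE groupid=".(int) $boardgroupid['groupid']." AND boardid=$board_id;");
                    $boardrights = mysql_fetch_array($r_boardrights);
                    if (is_array($boardrights)) {
                        $formAccessmask = $boardrights['accessmask'];
                    }
                }
            }
            BoardForm::CreateForm($board, $formAccessmask, $action, $cat_id, "post", $destination, $photo->view, $photo->upload, $photo->edit, $photo->remove);
            echo "</td></tr>";

            // ---- Per-student rights: add / remove / bulk update ----
            if (isset($_POST['addrights'])) {
                // usr_id is used unquoted in SQL, so only a positive integer is accepted.
                $safeid = (isset($_POST['added_id']) && is_scalar($_POST['added_id'])) ? intval($_POST['added_id']) : 0;
                if ($safeid > 0) {
                    $safeview = (int)isset($_POST['added_view']);
                    $safeupload = (int)isset($_POST['added_upload']);
                    $safeedit = (int)isset($_POST['added_edit']);
                    $safedelete = (int)isset($_POST['added_delete']);
                    $safeadmin = (int)isset($_POST['added_admin']);

                    // NOTE(review): the id is not checked against course membership here;
                    // the select list only offers course students, but the server accepts any id.
                    $dbresult = $db->get_row("SELECT COUNT(*) AS count FROM photogallery_rights WHERE course_id=$course_id AND album_id=$board_id AND usr_id=$safeid");
                    if ($dbresult->count == 0) {
                        $db->query("INSERT INTO photogallery_rights (course_id,album_id,usr_id,view,upload,edit,remove,admin) VALUES($course_id,$board_id,$safeid,$safeview,$safeupload,$safeedit,$safedelete,$safeadmin)");
                    }
                }
            } elseif (isset($_GET['removeright']) && isset($_GET['rightid']) && $_GET['rightid']) {
                // NOTE(review): this removal is triggered by a plain GET link and no request token
                // is checked in this file; confirm whether the shared init code enforces one.
                $safeid = is_scalar($_GET['rightid']) ? intval($_GET['rightid']) : 0;
                if ($safeid > 0) {
                    $db->query("DELETE FROM photogallery_rights WHERE course_id=$course_id AND album_id=$board_id AND usr_id=$safeid");
                }
            } elseif (isset($_POST['updaterights'])) {
                $dbresult = $db->get_results("SELECT usr_id FROM photogallery_rights WHERE course_id=$course_id AND album_id=$board_id");
                if ($dbresult) {
                    foreach ($dbresult as $dbright) {
                        $usr_id = (int) $dbright->usr_id;
                        // A checkbox that is absent from the POST means "right revoked".
                        $update_view = (int)isset($_POST["change_{$usr_id}_view"]);
                        $update_upload = (int)isset($_POST["change_{$usr_id}_upload"]);
                        $update_edit = (int)isset($_POST["change_{$usr_id}_edit"]);
                        $update_remove = (int)isset($_POST["change_{$usr_id}_delete"]);
                        $update_admin = (int)isset($_POST["change_{$usr_id}_admin"]);
                        $db->query("UPDATE photogallery_rights SET view=$update_view, upload=$update_upload, edit=$update_edit, remove=$update_remove, admin=$update_admin WHERE course_id=$course_id AND album_id=$board_id AND usr_id=$usr_id LIMIT 1");
                    }
                }
            }

            // ---- Rights table ----
            echo "<tr><td colspan='2' align='center'><form id='add' method='post' action='".PATH_TO_ROOT.SCRIPT_NAME."?action=edit&id=$board_id'><table class='contentTable'>";
            Output::echoTableHead("Spezielle Studentenrechte", 7);

            echo '<tr><td colspan="7" align="center" class="tableCellDark"> <p>Hier können sie spezielle Rechte für einzelne Studenten innerhalb dieses Albums vergeben.</p></td></tr>';
            echo '<tr><td class="tableCellHead" style="text-align:center;">Name</td>';
            echo '<td class="tableCellHead" style="text-align:center;"><span title="Dieser Student kann sich das Album ansehen">Sichtbar</span></td>';
            echo '<td class="tableCellHead" style="text-align:center;"><span title="Dieser Student kann neue Bilder in das Album einfügen">Upload</span></td>';
            echo '<td class="tableCellHead" style="text-align:center;"><span title="Dieser Student kann seine eigenen Bilder editieren">Editieren</span></td>';
            echo '<td class="tableCellHead" style="text-align:center;"><span title="Dieser Student kann seine eigenen Bilder löschen">Löschen</span></td>';
            echo '<td class="tableCellHead" style="text-align:center;"><span title="Dieser Student kann dieses Album bearbeiten / löschen">Admin</span></td>';
            echo '<td class="tableCellHead"></td></tr>';

            $dbresult = $db->get_results("SELECT * FROM user RIGHT JOIN photogallery_rights ON user.ID=photogallery_rights.usr_id WHERE course_id=$course_id AND album_id=$board_id AND usr_id<>0 ");
            if ($dbresult) {
                foreach ($dbresult as $user) {
                    // NOTE(review): Nachname/Vorname come from the user table and are written into the page
                    // unescaped; they should pass through htmlspecialchars() with the application's charset.
                    echo "<tr><td class='tableCell'>{$user->Nachname}, {$user->Vorname}</td>";
                    echoRightsSelectors("change_$user->ID", $user->view == 1, $user->upload == 1, $user->edit == 1, $user->remove, $user->admin);
                    echo "<td class='tableCell' style='text-align:center;'><a href='".PATH_TO_ROOT.SCRIPT_NAME."?action=edit&id=$board_id&removeright=1&rightid=$user->ID' title='Spezielle Rechte dieses Studenten entfernen'>".Output::getIcon('icon_delete', 'Spezielle Rechte dieses Studenten entfernen') ."</a></td>";
                    echo "</tr>";
                }
            }

            // Offer only students who do not yet have a rights row for this album.
            echo "<tr><td class='tableCell' style='width:40%'><select name='added_id' style='width:100%'>";
            if (!echoRightsUserlist("AND user.ID NOT IN( SELECT usr_id FROM photogallery_rights WHERE course_id=$course_id AND album_id=$board_id)")) {
                echo "<option style='font-style:italic;'>keine weiteren Studenten im Kurs</option>";
                echo "</select></td>";
                echoRightsSelectors("added", false, false, false, false, false);
                echo "<td class='tableCell' style='width:1%'><input type='submit' name='add_rights' value='Hinzufügen' disabled='disabled'/></td></tr>";
            } else {
                echo "</select></td>";
                echoRightsSelectors("added", false, false, false, false, false);
                echo "<td class='tableCell' style='width:1%'><input type='submit' name='addrights' value='Hinzufügen'/></td></tr>";
            }
            echo "<tr><td class='tableCellDark' colspan='7' style='text-align:center;'><input type='submit' name='updaterights' value='Rechte aktualisieren'/></td></tr>";
            echo "</table></form>";
        }
    } else {
        echo "<div class='error'>Sie haben kein Recht dieses Album zu bearbeiten!</div>";
    }
} elseif (isset($_GET['action'], $_GET['forumid']) && $_GET['action'] == "delete" && $_GET['forumid']) {
    // Accept only a plain decimal id; anything else is treated as "no right" below.
    $rawForumId = $_GET['forumid'];
    $board_id = (is_string($rawForumId) && preg_match('/^[0-9]+\z/', $rawForumId)) ? (int) $rawForumId : 0;
    $candelete = $board_id > 0 && getAlbumRight('admin', $board_id) && getGalleryRight('remove', $board_id);
    if ($candelete) {
        if (isset($_GET['confirm'])) {
            // NOTE(review): the confirmed delete is a GET request and no request token is checked
            // in this file; confirm whether the shared init code enforces one.
            mysql_query("DELETE FROM forum_board WHERE boardid='$board_id'");

            // Posts hang off threads, so they are removed thread by thread before the threads themselves.
            $result = mysql_query("SELECT threadid FROM forum_thread WHERE boardid='$board_id'");
            if ($result) {
                while ($topic = mysql_fetch_array($result)) {
                    mysql_query("DELETE FROM forum_post WHERE threadid='".(int)Data::toMysql($topic['threadid'], false)."'");
                }
            }

            mysql_query("DELETE FROM forum_thread WHERE boardid='$board_id'");

            mysql_query("DELETE FROM forum_groupboard WHERE boardid='$board_id'");

            mysql_query("DELETE FROM forum_lastvisited WHERE boardid='$board_id'");

            mysql_query("DELETE FROM forum_subscribe WHERE boardid='$board_id'");

            mysql_query("DELETE FROM photogallery_rights WHERE album_id='$board_id'");
            message("", "Board wurde gelöscht");
        } else {
            // The validated integer id is written into the link, not the raw request value.
            print '<span style="color: #FF0000;"><br/><strong>WARNUNG: Wollen Sie das Board wirklich löschen?</strong></span><br/><br/>';
            print "Klicken Sie <a href=\"editboard.php?action=delete&forumid=$board_id&confirm=1\" title='Löschen'>hier</a> um zu bestätigen";
        }
    } else {
        echo "<div class='error'>Sie haben kein Recht dieses Album zu löschen!</div>";
    }
} elseif (isset($_GET['action']) && $_GET["action"] == "updateorder") {
    // boardord is expected as boardord[<boardid>]=<order>; anything that is not an array is ignored.
    $requestedOrder = (isset($_GET["boardord"]) && is_array($_GET["boardord"])) ? $_GET["boardord"] : array();
    foreach ($requestedOrder as $boardid => $boardorder) {
        $boardid = intval($boardid);
        $boardorder = is_scalar($boardorder) ? intval($boardorder) : 0;
        // An order of 0 is skipped. Each album is rights-checked the same way the edit branch
        // checks it, and the update is limited to photo galleries like the edit branch's statements.
        if ($boardorder && getAlbumRight('admin', $boardid) && getGalleryRight('edit', $boardid)) {
            query("UPDATE forum_board SET boardorder=$boardorder WHERE boardid=$boardid AND is_photogallery=1");
        }
    }
    message("", "Board Reihenfolge wurde geändert!");
}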
// Close the page: first the section-level footer one directory up, then the application-wide footer.
include_once '../footer.inc.php';

require_once PATH_TO_ROOT . 'common/footer.inc.php';
?>